LILIN DVR Multiple Vulnerabilities
DVR devices prior to firmware version 2.0b60_20200207
Zyxel CPE zhttpd Webserver RCE
Multiple CPE models with various firmware versions
Achat v0.150 SEH Buffer Overflow via UDP
Achat v0.150
D-Link DSP-W110A1 Cookie Command Injection
DSP-W110A1 1.05B01
EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43
EasyCafe Server 2.2.14
Heroes of Might and Magic III .h3m Map File Buffer Overflow
Complete 4.0.0.0
HD Mod 3.808 build 9
Demo 1.0.0.0
Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE
Up.Time ≤ 7.2
LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload
LimeSurvey 2.0+ - 2.06+ Build 151014
Linknat VOS Manager Path Traversal File Disclosure
VOS Manager <= VOS2009
VOS Manager <= VOS3000 2.1.9.06
Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
Firmware for nearly every model released prior to August 2014 are known to be affected.
Exact version boundaries remain undocumented.
RIPS Scanner v0.54 Path Traversal
RIPS Scanner v0.54
VideoCharge Studio 2.12.3.685 SEH Buffer Overflow via .VSC File
Studio 2.12.3.685
X360 VideoPlayer ActiveX Control v2.6 Buffer Overflow via ConvertFile()
VideoPlayer ActiveX Control v2.6
ColoradoFTP Server <= 1.3 Path Traversal Information Disclosure
ColoradoFTP Server <= 1.3 Build 8
Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow
Disk Pulse Enterprise v9.0.34
DiskBoss Enterprise Stack-Based Buffer Overflow RCE
v7.4.28
v7.5.12
v8.2.14
IPFire < 2.19 Core Update 101 proxy.cgi RCE
IPFire < 2.19 Core Update 101
OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php
OP5 Monitor <= 7.1.9
Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation
Panda Global Protection 2016 <= 16.1.2
Panda Antivirus Pro 2016 <= 16.1.2
Panda Small Business Protection <= 16.1.2
(more)
PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature
PDF Shaper v3.5/3.6
Piwik (now Matomo) Authenticated RCE via Custom Plugin Upload
Piwik (now Matomo) < 3.0.3
Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
SteelCentral NetExpress 10.8.7
SteelCentral NetProfiler 10.8.7
Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE
WLAN AP WEA453e < 5.2.4.T1
Tiki Wiki CMS Authenticated Command Injection in Calendar Module
Tiki Wiki <= 14.1
Tiki Wiki <= 12.4 LTS
Tiki Wiki <= 9.10 LTS
Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE
Tiki Wiki <= 15.1
WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi
WePresent WiPG-1000 firmware < 2.2.3.0
WinaXe 7.7 FTP Client Remote Buffer Overflow
WinaXe v7.7
BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload
BuilderEngine CMS 3.5.0
CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
All PHP-based releases prior to the ASP.NET rewrite in 2009
Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
Easy File Sharing HTTP Server v7.2
Mako Server v2.5 and v2.6 RCE via examples/save.lsp
Mako Server 2.5 - 2.6
Polycom HDX Series Telnet RCE via lan traceroute
HDX series firmware < 3.1.11 hotfix 2
ProcessMaker < 3.5.4 Authenticated Plugin Upload RCE
Processmaker < 3.5.4
Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
VCX255U 9.6.0a
Potentially other VCX appliances
Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
Serviio Media Server 1.4.0 - 1.8.0
VICIdial Unauthenticated Command Injection via Basic Auth Password
VICIdial 2.9 RC1 - 2.13 RC1
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
Pie Register Plugin <= 3.7.1.4
Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
Bolt CMS <= 3.7.0
IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
IGEL OS 10 < 10.06.220
IGEL OS 11 < 11.04.270
Pandora FMS Authenticated Remote Code Execution via Ping Module
Pandora FMS <= 7.0NG
PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability
PHPStudy 2016-2018
Pi-hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
Pi-hole <= 3.3
Aexol Studio Remote for Mac Code Execution via AppleScript Injection
Remote for Mac <= 2025.7
Google Chrome AppBound Encryption Downgrade and Authentication Bypass
Chrome 127 - 129
Confirmed in Google Chrome with AppBound Encryption enabled.
Chromium-based browsers if they implement similar COM-based encryption mechanisms.
Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
Lucee 5.x
Lucee 6.x
All versions with scheduled task functionality
Microweber CMS Authenticated Local File Inclusion via Backup API
Microweber CMS <= 1.2.11
NSClient++ Local-to-Remote SYSTEM Compromise
NSClient++ 0.5.2.35
Maltrail <=0.54 Remote Command Execution
stamparm/maltrail <=0.54
Anthropic Slack MCP Server Data Exfiltration via Link Unfurling
All default deployments of Anthropic Slack MCP Server
GFI Kerio Control Authentication Bypass and RCE
Kerio Control v9.4.5
Hikvision Integrated Security Management Platform RCE via applyCT Fastjson
Unspecified versions of the Integrated Security Management Platform
Ruijie NBR Router Administrative Credential Disclosure
NBR2000G
NBR1300G
NBR1000
AVTech IP Camera, DVR, and NVR Devices Multiple Vulnerabilities
AVTech IP Camera
AVTech DVR
AVTech NVR
Dahua Smart Cloud Gateway SQL Injection
Unspecified versions
Hikvision Streaming Server Default Credentials Arbitrary File Read
Streaming Media Management Server v2.3.5
Monero Forum RCE via Arbitrary File Read and Cookie Forgery
The forum was built on Laravel 4.2.22 and has been taken offline.
One Identity OneLogin AD Connector Credential Exposure Cross-Tenant Account Compromise
OneLogin < 6.1.5
Beward N100 IP Camera Remote Command Execution
N100 firmware version M2.1.6.04C014
D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read
DSL-2730U firmware IN_1.02
DSL-2750U firmware SEA_1.04, SEA_1.07
DSL-2750E firmware SEA_1.04, SEA_1.07
Fanwei E-Office Unrestricted File Upload
E-Office <= v9.4
Leadsec VPN Path Traversal Arbitrary File Read
OptiLink ONT1GEW GPON Remote Code Execution
ONT1GEW GPON <= V2.1.11_X101 Build 1127.190306
OS4Ed OpenSIS Community SQL Injection
OpenSIS Community v8.0
Vacron NVR Remote Command Execution
NVR firmware <= 1.4
WeiPHP Path Traversal Arbitrary File Read
WeiPHP 5.0
WIFISKY 7-Layer Flow Control Router Remote Command Execution
All versions
5VTechnologies Blue Angel Software Suite Command Injection
5VTechnologies Blue Angel Software Suite Hardcoded Credentials
EnGenius EnShare Cloud Service Command Injection
EnShare Cloud Service <= 1.4.11
Fanwei e-cology SQL Injection
e-cology <= 8.0
Linksys Multiple Routers OS Command Injection
E-Series
WAG-Series
WAP-Series
Moodle LMS Jmol Plugin Path Traversal
Jmol Plugin <= 6.1
Moodle LMS Jmol Plugin Cross-Site Scripting
Sangfor EDR Platform Command Injection
EDR 3.2.16
EDR 3.2.17
EDR 3.2.19
Shenzhen TVT CCTV-DVR Command Injection
White-labeled DVRs based on Shenzhen TVT firmware
Yonyou UFIDA NC Beanshell Code Injection
NC <= 6.5
Zhiyuan OA System Path Traversal File Upload
5.0 series
5.1 - 5.6sp1
6.0 - 6.1sp2
Aquatronica Controller System Credential Leak
Aquatronica Controller System 5.1.6 and prior
Edimax EW-7438RPn Mini Command Injections
EW-7438RPn Mini 1.13 and prior
Karel IP Phone IP1211 Path Traversal
Unspecified versions of Karel IP1211
MiniDVBLinux Root Command Injection
MiniDVBLinux 5.4 and prior
sar2html Command Injection
sar2html 3.2.2 and prior
Selea Targa IP OCR-ANPR Camera Path Traversal
Build Versions: BLD201113005214, BLD201106163745, BLD200304170901, BLD200304170514, BLD200303143345, BLD191118145435, BLD191021180140
CarPlate Server Versions: CPS 4.013(201105), CPS 3.100(200225), CPS 3.005(191206), CPS 3.005(191112)
Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery (SSRF)
SugarCRM PHP Deserialization RCE
SugarCRM 6.5.0 < 6.5.23
SugarCRM 6.7.0 < 6.7.12
SugarCRM 7.5.0 < 7.5.2.4
Sitecore PowerShell Extension Unrestricted Upload RCE
Sitecore Powershell Extension 0 - 7.0
Sitecore Experience Manager (XM) and Platform (XP) Hardcoded Credentials
XM/XP 10.4.0 before 10.4.1 rev. 011941 PRE
XM/XP 10.3.0 before 10.3.3 rev. 011967 PRE
XM/XP 10.1.0 before 10.1.4 rev. 011974 PRE
Sitecore Experience Manager (XM), Platform (XP), and Commerce (XC) Zip Slip RCE
XM/XP/XC 10.0 - 10.4
XM/XP/XC 9.0 - 9.3
Versa Concerto Actuator Authentication Bypass Information Leak
Concerto <= 12.2.0
Versa Concerto Authentication Bypass File Write RCE
Versa Concerto Insecure Docker Mount Container Escape
SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection
SysAid On-Prem <= 23.3.40
SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection
SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection
Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
Xorcom CompletePBX <= 5.2.35
Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting
Jalios JPlatform Multiple XSS
Jalios JPlatform 10 below 10.0.8 (SP8)
Jalios JPlatform before 10.0.7 (SP7)
Jalios JPlatform before 10.0.6 (SP6)
Jalios JPlatform XXE
MagnusBilling Stored Cross-Site Scripting in Alarm Module
MagnusBilling 7.3.0 and lower
MagnusBilling Stored Cross-Site Scripting in Login Logs
BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
BigAnt Server 5.6.06 and below
Four-Faith Hard-coded Credentials
F3x36 firmware v2.0.0
Four-Faith bapply.cgi Auth Bypass
Netgear FVS336 Telnet Command RCE
FVS336Gv3 4.3.5-3 and below
FVS336Gv2 4.3.3-6 and below
Invoice Ninja PDF Rendering Server Side Request Forgery
5.8.56 - 5.11.23
NETGEAR DGN setup.cgi OS Command Execution
DGN1000 before 1.1.00.48
Four-Faith Industrial Router Authenticated Command Injection
F3x24
F3x36
ProjectSend Unauthenticated Configuration Modification
ProjectSend before r1720
Linear eMerge e3-Series Forgot Password Command Injection
Linear eMerge e3-Series through 1.00-07
Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 through 2.9.0
PTZOptics NDI and SDI Cameras Configuration Command Injection
PTZOptics PT30X-SDI before 6.3.40
PTZOptics PT30X-NDI-xx-G2 before 6.3.40
Other white-label AV equipment based on ValueHD Corporation PTZ Camera Firmware
PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication
SPIP Bigup Multipart File Upload Command Injection
4.3.0 - 4.3.1
4.2.0 - 4.2.15
Before 4.1.18
SPIP porte_plume plugin Arbitrary PHP Execution
Before 4.3.0-alpha2
Before 4.2.13
Before 4.1.16
Firewalla BTLE Authenticated Command Injection
Before Firewalla Box Software 1.979
Firewalla BTLE Weak Credentials
anji-plus AJ-Report Authentication Bypass to RCE
anji-plus AJ-Report before 1.4.1
BC Security Empire Unauthenticated RCE
BC Security Empire before 5.9.3
Rejetto HTTP File Server 2.3m Unauthenticated RCE
Rejetto HTTP File Server 2.3m
ASUS OVPN Code Execution
ASUS ExpertWiFi before 3.0.0.6.102_44544
ASUS RT-AX55 before 3.0.0.4.386_52303
ASUS RT-AX58U before 3.0.0.4.388_24762
Grandstream UCM Series IP PBX HTTP Parameter Injection
Grandstream UCM Series IP PBX before 1.0.20.52
Artemis Java Test Sandbox Class Loading Escape
Artemis Java Test Sandbox versions less than 1.8.0
MolecularFaces XSS
MolecularFaces versions less than 0.3.0
Enonic XP Session Fixation Vulnerability
Enonic XP versions less than 7.7.4
AWS Encryption SDK for Java Improper Verification of Cryptographic Signature
AWS Encryption SDK for Java versions starting at 2.0.0 up to 2.2.0
AWS Encryption SDK for Java versions less than 1.9.0
Artemis Java Test Sandbox InvocationTargetException Subclass Escape
Artemis Java Test Sandbox versions less than 1.7.6
Artemis Java Test Sandbox Libary Load Escape
Artemis Java Test Sandbox versions less than 1.11.2
upokecenter CBOR Denial of Service
com.upokecenter.cbor versions starting at 4.0.0 up to 4.5.1
ClickHouse Client Certificate Password Exposure
com.clickhouse:clickhouse-r2dbc versions less than 0.4.6
com.clickhouse:clickhouse-jdbc versions less than 0.4.6
com.clickhouse:clickhouse-client versions less than 0.4.6
FOLIO mod-remote-storage
mod-remote-storage versions less than 1.7.2
mod-remote-storage versions starting at 2.0.0 up to 2.0.3
DependencyCheck Debug Mode Logging of NVD API Key
org.owasp:dependency-check-maven versions starting at 9.0.0 up through 9.0.6
org.owasp:dependency-check-cli versions starting at 9.0.0 up through 9.0.5
org.owasp:dependency-check-ant versions starting at 9.0.0 up through 9.0.5
FOLIO mod-data-export-spring Hard-Coded Credentials
org.folio:mod-data-export-spring versions less than 1.5.4
org.folio:mod-data-export-spring versions starting at 2.0.0 up to 2.0.2
Consensys Discovery Nonce Reuse
ConsenSys Discovery versions less than 0.4.5
encoded_id-rails Denial of Service Vulnerability
encoded_id-rails versions less than 1.0.0.beta2
httparty Multipart/Form-Data Request Tampering Vulnerability
httparty versions less than or equal to 0.20.0
Iodine Static File Server Path Traversal Vulnerability
Iodine versions less than 0.7.33
CommonMarker Integer Overflow Vulnerability
CommonMarker versions less than 0.23.4
Audited Log Integrity Errors Due to Race Condition
Audited versions starting at 4.0.0 up to 5.3.3
govuk_tech_docs XSS Vulnerability
govuk_tech_docs versions starting at 2.0.2 up to 3.3.1
Mismanagement of Exceptional Conditions in Newtonsoft.Json
Newtonsoft.Json versions less than 13.0.1
TinyMCE Cross-Site Scripting Vulnerability
TinyMCE versions less than 5.9.0
PeterO.Cbor Library Service Denial
PeterO.Cbor versions starting at 4.0.0 up to 4.5.1
TinyMCE Plugins Suffer from Cross-Site Scripting Vulnerability
TinyMCE versions less than 5.10.0
TinyMCE versions less than 5.6.0
QBittorrent Web UI Default Credentials Leads to RCE
All known versions of Qbittorrent. Unpatched as of v4.5.5.
Sangfor Next-Gen Application Firewall Authentication Bypass
Sangfor NGAF 8.0.17.364 (AWS)
Sangfor Next-Gen Application Firewall Authenticated File Disclosure
Sangfor Next-Gen Application Firewall PHPSESSID Command Injection
Sangfor Next-Gen Application Firewall Source Code Disclosure
Sangfor Next-Gen Application Firewall Login Un Param Command Injection
MikroTik RouterOS JSProxy Heap Corruption
MikroTik RouterOS stable before 6.49.10
MikroTik RouterOS long-term through 6.48.8
MikroTik RouterOS Administrator Privilege Escalation
MikroTik RouterOS stable through 6.49.6
MikroTik RouterOS long-term through 6.48.7
MultipartParser DOS with too many fields or files in Starlette Framework
Python module starlette versions lessage than 0.25.0. It is patched in 0.25.0.
Insecure random generation in Netflix Lemur python app
Python app lemur versions less than 1.3.2. It is patched in 1.3.2.
Ibexa eZ Platform /user/sessions endpoint can be abused to determine account existence
ezpublish-kernel versions 6.13.0 through 16.13.8.0 and 7.5.0 through 7.5.15.0
Ibexa Kernel for eZ Platform allows determining account existence due to insufficient anti-timing attack method
ezpublish-kernel versions 7.5.0 upto 7.5.29
ezplatform-kernel versions 1.3.0 upto 1.3.19
Ibexa Kernel for eZ Platform ignoring object state limitation policy granting access to certain links
ezpublish-kernel versions 7.5.0 upto 7.5.28
Ibexa Kernel and Kernel for eZ Platform users assigned with Company role can assign any role to any user
ezpublish-kernel versions 7.5.0 upto 7.5.30
ezplatform-kernel versions 1.3.0 upto 1.3.26
Ibexa Kernel and Kernel for eZ Platform can be abused to upload code that contains XSS vulnerabilities
ezplatform-kernel versions prior to and including 1.2.5 and between 1.3.0 and 1.3.1 inclusive
ezpublish-kernel versions prior to and including 6.13.8.1 and between 7.0.0 and 7.5.15.1 inclusive
Xiongmai NVR HTTP Stack-based Buffer Overflow
MBD6304T V4.02.R11.00000117.10001.131900.00000
NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000
Netgear UPNP Stack-based Buffer Overflow
MR60 before 1.1.7.132
MS60 before 1.1.7.132
R6900P before 1.3.3.154
Sunlogin Sunflower Command Execution
Sunlogin Sunflower Simple 1.0.1.43315 and below
Sunlogin Sunflower Personal 1.0.1.43315 and below
vBulletin PHP Deserialization
vBulletin before 5.6.9 PL1
Personnummer for Dart regular expression mishandles last 4 digit values
personnummer dart versions prior to 3.0.3
Elixir Ecto lacks a protection mechanism around `is_nil` and `raise`
Ecto version 2.2.0
Phoenix.HTML allows XSS in HEEx class attributes
Phoenix.HTML versions prior to 3.0.4
ThinkPHP Language Pack Local File Include
ThinkPHP before 6.0.14
Xiongmai NVR Upgrade Command Injection
Oracle Solaris CDE Local Privilege Escalation
Oracle Solaris 10 1/13
myVesta Control Panel Command Injection
myVesta Control Panel before 0.9.8-26-43
Vesta Control Panel before 0.9.8-26
D-Link DSL-2750B Command Injection
D-Link DSL-2750B hardware revision Dx before firmware 1.05
MVPower CCTV DVR Webshell Backdoor
MVPower TV-7104HE and TV-7108HE from 2014-2019
MikroTik RouterOS HTTP Stack-based Buffer Overflow (Chimay-Red)
MikroTik RouterOS stable before 6.38.5
MikroTik RouterOS long-term before 6.37.5